[CentOS] How to properly install rsh without compromising system security

Wed May 25 09:13:51 UTC 2005
Maciej Żenczykowski <maze at cela.pl>

This really depends on what kind of functionality you need.
_But_ you could simply make /usr/bin/rsh a symlink to /usr/bin/ssh
and make sure "ssh machine ls" works - the easiest way to get that to work 
is to run "ssk-keygen -t dsa" on the client and copy the resultant 
~/.ssh/id_dsa.pub into the servers ~/.ssh/authorized_keys and make sure 
the server has RSAAuthentication yes in /etc/ssh/sshd_config

although, this of course depends on what actual functionality of 
rsh/rlogin/rexec you need (ie. commandline switches and whether you 
actually need rlogin)...

Cheers,
MaZe

On Wed, 25 May 2005, Olaf Greve wrote:

> Hi,
>
> For a project at work we are currently installing a distributed software 
> development platform which has been developed years ago. All swell, of 
> course, but the issue is that it depends on rsh for remote application 
> invocation.
>
> Now... I have always been taught that rsh, rlogin and rexec are BAD and that 
> one should really stick to SSH only.
>
> Unfortunately, I do not have enough time to completely patch over the 
> platform such that it will use SSH (and frankly, that's really a task the 
> official developers should perform!), so, I'd like to temporarily enable rsh.
>
> Now, I did some quick RTFM-ing and checking in Google, and it looks like this 
> is provided by xinetd.
>
> From Gnome's services menu I have enabled rsh (and hence xinetd), but I do 
> not yet seem to be able to remotely perform something like "rsh <machine 
> name> ls". It just says "permission denied". Good. No problem. In fact, this 
> is probably good. ;)
>
> So, to proceed with this the proper way, can anyone tell me how I can 
> properly configure rsh such that I do not compromise system security too much 
> (note: I am behind a firewall and my machine is not accessible in any way 
> from the outside world, so there is not all too much concern in opening up 
> rsh, even with root access)?
>
> Also, on a more general note: I'm not familiar yet with proper PAM concepts 
> and configuration. Does anyone know a good (and preferrably not all too long) 
> reference guide with which I can quickly and properly familiarise myself with 
> the concepts and the proper way of configuring it?
>
> Tnx in advance, and cheers!
> Olafo
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>